public registry_item CreateRegistryItem(string hive, string key, string name) { registry_item newRegistryItem = new registry_item(); newRegistryItem.hive = new EntityItemRegistryHiveType() { Value = hive }; newRegistryItem.key = this.CreateEntityItemStringType(key); newRegistryItem.name = this.CreateEntityItemStringType(name); return newRegistryItem; }
public void Should_be_possible_to_create_a_relation_between_objectType_and_systemData_through_of_referenceData() { CollectedObject collectObject = new CollectedObject("oval:org.mitre.oval:obj:6000"); ItemType registryItem1 = new registry_item() { status = StatusEnumeration.exists, id = "1" }; ItemType registryItem2 = new registry_item() { status = StatusEnumeration.doesnotexist, id = "2" }; collectObject.AddItemToSystemData(registryItem1); collectObject.AddItemToSystemData(registryItem2); Assert.AreEqual(2, collectObject.ObjectType.reference.Count(), "the quantity of reference is not expected"); Assert.AreEqual("1", collectObject.ObjectType.reference[0].item_ref, "the first element of reference not has the id expected"); Assert.AreEqual("2", collectObject.ObjectType.reference[1].item_ref, "the second element of reference not has the id expected"); CollectedObject otherCollectedObject = new CollectedObject("oval:org.mitre.oval:obj:6001"); ItemType registryItem3 = new registry_item() { status = StatusEnumeration.exists, id = "3" }; otherCollectedObject.AddItemToSystemData(registryItem3); Assert.AreEqual(1, otherCollectedObject.ObjectType.reference.Count(), "the quantity of reference is not expected for the second collectedObject"); Assert.AreEqual("3", otherCollectedObject.ObjectType.reference[0].item_ref, "the referece id of element is not expected"); }
public void Should_be_possible_to_compare_two_windows_itemTypes_when_they_were_created_manually() { ItemType firstItemType = new registry_item() { name = new EntityItemStringType() { Value = "Modulo" } }; ItemType secondItemType = new registry_item() { name = new EntityItemStringType() { Value = "Microsoft" } }; var itemTypeComparator = new GenericItemTypeComparator(); var comparisionResult = itemTypeComparator.IsEquals(firstItemType, secondItemType); Assert.IsFalse(comparisionResult, "The compared items are different"); }
private RegistryItemSystemData collectSystemDataForRegistryItem(registry_item item) { object dataValue = null; var valueTypeID = this.getValueTypeIDFromRegistry(item.hive.Value, item.key.Value, item.name.Value); if (valueTypeID == eValueTypes.DWORD_LITTLE_ENDIAN) { var credentials = TargetInfo.credentials; Helpers.WinNetUtils.connectToRemote(TargetInfo.GetRemoteUNC(), credentials.GetUserName(), credentials.GetPassword()); var address = TargetInfo.GetAddress(); var hive = RegistryHelper.GetRegistryHiveFromHiveName(item.hive.Value); var key = item.key.Value; var name = item.name.Value; dataValue = Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(hive, address).OpenSubKey(key).GetValue(name); } else { var sGetValueMethodName = RegistryHelper.ConvertToGetValueMethodNameFromValueType(valueTypeID); var inParameters = this.getInParametersForGetValueMethod(item.hive.Value, item.key.Value, item.name.Value); var getValueResult = this.WmiDataProvider.InvokeMethod(sGetValueMethodName, inParameters); dataValue = this.getCollectedValueFromGetValueMethodResult(getValueResult); } if (valueTypeID == eValueTypes.STRING) dataValue = RemoveInvalidChars(dataValue.ToString()); return new RegistryItemSystemData(valueTypeID, dataValue); }
private static ItemType CreateRegistryItem(string hiveName, string ovalId, string message, string keyName, string name, string value) { registry_item registry_item = new registry_item() { hive = new EntityItemRegistryHiveType() { datatype = SimpleDatatypeEnumeration.@string, Value = hiveName }, id = ovalId, message = MessageType.FromString(message), key = new EntityItemStringType() { datatype = SimpleDatatypeEnumeration.@string, Value = keyName }, name = new EntityItemStringType() { datatype = SimpleDatatypeEnumeration.@string, Value = name }, value = new EntityItemAnySimpleType[1] { new EntityItemAnySimpleType() { datatype = SimpleDatatypeEnumeration.@string, Value = name } } }; return registry_item; }
private RegistryProber GetMockedRegistryProber(registry_item fakeItem) { var fakeValues = new List<String>(new string[] { "FakeValue" }); var fakeCollectedItems = new CollectedItem[] { ProbeHelper.CreateFakeCollectedItem(fakeItem) }; MockRepository mocks = new MockRepository(); var fakeConnection = mocks.DynamicMock<IConnectionManager>(); var fakeSystemInformation = mocks.DynamicMock<ISystemInformationService>(); var fakeProvider = mocks.DynamicMock<RegistryConnectionProvider>(); var fakeWmiProvider = new WmiDataProviderExpectFactory().GetFakeWmiDataProviderForTestInvokeMethodEnumKeyWithReturnSuccess(); var fakeDataCollector = mocks.DynamicMock<RegistryObjectCollector>(); fakeDataCollector.WmiDataProvider = fakeWmiProvider; var registryItemTypeGeneration = new RegistryItemTypeGenerator() { SystemDataSource = fakeDataCollector, WmiDataProvider = fakeWmiProvider }; Expect.Call(fakeConnection.Connect<RegistryConnectionProvider>(null, null)).IgnoreArguments().Repeat.Any().Return(fakeProvider); Expect.Call(fakeDataCollector.CollectDataForSystemItem(fakeItem)).IgnoreArguments().Repeat.Any().Return(fakeCollectedItems); Expect.Call(fakeDataCollector.GetValues(null)).IgnoreArguments().Repeat.Any().Return(fakeValues); Expect.Call(fakeSystemInformation.GetSystemInformationFrom(null)).IgnoreArguments().Return(SystemInformationFactory.GetExpectedSystemInformation()); mocks.ReplayAll(); return new RegistryProber() { ConnectionManager = fakeConnection, ObjectCollector = fakeDataCollector, ItemTypeGenerator = registryItemTypeGeneration}; }
private registry_item GetFakeRegistryItem(string key, string name, eValueTypes dataType, string dataValue) { string hive = Enum.GetName(typeof(eHiveNames), eHiveNames.HKEY_LOCAL_MACHINE); string keyCollectedSuccessfully = "The Key, which fullPath is '{0}\\{1}\\{2}', was collected sucessfully."; registry_item registryItem = new registry_item(); registryItem.hive = new EntityItemRegistryHiveType() { Value = hive }; registryItem.key = new EntityItemStringType() { Value = key }; registryItem.name = new EntityItemStringType() { Value = name }; registryItem.type = new EntityItemRegistryTypeType() { Value = RegistryHelper.GetValueTypeAsString(dataType) }; registryItem.value = new EntityItemAnySimpleType[] { new EntityItemAnySimpleType() { Value = dataValue } }; registryItem.status = StatusEnumeration.exists; registryItem.message = MessageType.FromString(string.Format(keyCollectedSuccessfully, hive, key, name)); return registryItem; }
public void Should_not_possible_to_add_a_item_type_if_it_already_exists_in_the_collected_object() { oval_system_characteristics systemCharacteristics = new LoadOvalDocument().GetFakeOvalSystemCharacteristics("system_characteristics_with_local_variable.xml"); CollectedObject collectedObject = new CollectedObject("oval:org.mitre.oval:obj:1000"); ItemType registryItem1 = new registry_item() { status = StatusEnumeration.exists, id = "1" }; ItemType registryItem2 = systemCharacteristics.GetSystemDataByReferenceId("2"); }
public void Should_be_possible_to_update_status_of_an_objectType_to_error_based_on_in_systemData() { CollectedObject collectObject = new CollectedObject("oval:org.mitre.oval:obj:6000"); ItemType registryItem1 = new registry_item() { status = StatusEnumeration.exists, id = "1" }; ItemType registryItem2 = new registry_item() { status = StatusEnumeration.doesnotexist, id = "2" }; ItemType registryItem3 = new registry_item() { status = StatusEnumeration.error, id = "3" }; collectObject.AddItemToSystemData(registryItem1); collectObject.AddItemToSystemData(registryItem2); collectObject.AddItemToSystemData(registryItem3); collectObject.UpdateCollectedObjectStatus(); Assert.AreEqual(FlagEnumeration.error, collectObject.ObjectType.flag); }